Skip to main content

ProverProof

kimchi::proof

Struct ProverProof 

Source 
pub struct ProverProof<G, OpeningProof, const FULL_ROUNDS: usize>
where
    G: CommitmentCurve,
    OpeningProof: OpenProof<G, FULL_ROUNDS>,
{
    pub commitments: ProverCommitments<G>,
    pub proof: OpeningProof,
    pub evals: ProofEvaluations<PointEvaluations<Vec<G::ScalarField>>>,
    pub ft_eval1: G::ScalarField,
    pub prev_challenges: Vec<RecursionChallenge<G>>,
}
Expand description

The proof that the prover creates from a ProverIndex and a witness.

Fields§

§commitments: ProverCommitments<G>

All the polynomial commitments required in the proof

§proof: OpeningProof

batched commitment opening proof

§evals: ProofEvaluations<PointEvaluations<Vec<G::ScalarField>>>

Two evaluations over a number of committed polynomials

§ft_eval1: G::ScalarField

Required evaluation for Maller’s optimization

§prev_challenges: Vec<RecursionChallenge<G>>

Accumulators from previously verified proofs in the recursion chain.

Each RecursionChallenge stores the IPA folding challenges and accumulated commitment from verifying a previous proof. Instead of checking the IPA immediately (which requires an expensive MSM <s, G> where s has 2^k elements), we defer this check by storing the accumulator.

During verification, these accumulators are processed as follows:

  1. The commitments are absorbed into the Fiat-Shamir sponge
  2. The challenges are used to compute evaluations of b(X) at zeta and zeta * omega (see RecursionChallenge::evals)
  3. These evaluations are paired with the commitments and included in the batched polynomial commitment check

The actual MSM verification happens in SRS::verify (see poly-commitment/src/ipa.rs), where b_poly_coefficients computes the 2^k coefficients and they are batched into a single large MSM with all other verification checks.

This design enables efficient recursive proof composition as described in Section 3.2 of the Halo paper.

Implementations§

Source§

impl<G, OpeningProof, const FULL_ROUNDS: usize> ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: KimchiCurve<FULL_ROUNDS>, G::BaseField: PrimeField, OpeningProof: OpenProof<G, FULL_ROUNDS>,

Source

pub fn create<EFqSponge, EFrSponge, RNG>( groupmap: &G::Map, witness: [Vec<G::ScalarField>; 15], runtime_tables: &[RuntimeTable<G::ScalarField>], index: &ProverIndex<FULL_ROUNDS, G, OpeningProof::SRS>, rng: &mut RNG, ) -> Result<Self, ProverError>
where EFqSponge: Clone + FqSponge<G::BaseField, G, G::ScalarField, FULL_ROUNDS>, EFrSponge: FrSponge<G::ScalarField> + From<&'static ArithmeticSpongeParams<G::ScalarField, FULL_ROUNDS>>, RNG: RngCore + CryptoRng, VerifierIndex<FULL_ROUNDS, G, OpeningProof::SRS>: Clone,

This function constructs prover’s zk-proof from the witness & the ProverIndex against SRS instance

§Errors

Will give error if create_recursive process fails.

Source

pub fn create_recursive<EFqSponge, EFrSponge, RNG>( group_map: &G::Map, witness: [Vec<G::ScalarField>; 15], runtime_tables: &[RuntimeTable<G::ScalarField>], index: &ProverIndex<FULL_ROUNDS, G, OpeningProof::SRS>, prev_challenges: Vec<RecursionChallenge<G>>, blinders: Option<[Option<PolyComm<G::ScalarField>>; 15]>, rng: &mut RNG, ) -> Result<Self, ProverError>
where EFqSponge: Clone + FqSponge<G::BaseField, G, G::ScalarField, FULL_ROUNDS>, EFrSponge: FrSponge<G::ScalarField> + From<&'static ArithmeticSpongeParams<G::ScalarField, FULL_ROUNDS>>, RNG: RngCore + CryptoRng, VerifierIndex<FULL_ROUNDS, G, OpeningProof::SRS>: Clone,

This function constructs prover’s recursive zk-proof from the witness & the ProverIndex against SRS instance

§Errors

Will give error if inputs(like lookup_context.joint_lookup_table_d8) are None.

§Panics

Will panic if lookup_context.joint_lookup_table_d8 is None.

Source§

impl<const FULL_ROUNDS: usize, G, OpeningProof> ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: KimchiCurve<FULL_ROUNDS>, OpeningProof: OpenProof<G, FULL_ROUNDS>, G::BaseField: PrimeField,

Source

pub fn oracles<EFqSponge, EFrSponge, Srs>( &self, index: &VerifierIndex<FULL_ROUNDS, G, Srs>, public_comm: &PolyComm<G>, public_input: Option<&[G::ScalarField]>, ) -> Result<OraclesResult<FULL_ROUNDS, G, EFqSponge>>
where EFqSponge: Clone + FqSponge<G::BaseField, G, G::ScalarField, FULL_ROUNDS>, EFrSponge: FrSponge<G::ScalarField> + From<&'static ArithmeticSpongeParams<G::ScalarField, FULL_ROUNDS>>,

This function runs the random oracle argument

§Errors

Will give error if commitment(s) are invalid(missing or wrong length), or proof is verified as invalid.

§Panics

Will panic if PolishToken evaluation is invalid.

Trait Implementations§

Source§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Clone for ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: CommitmentCurve + Clone, OpeningProof: OpenProof<G, FULL_ROUNDS> + Clone, G::ScalarField: Clone,

Source§

fn clone(&self) -> ProverProof<G, OpeningProof, FULL_ROUNDS>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Debug for ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: CommitmentCurve + Debug, OpeningProof: OpenProof<G, FULL_ROUNDS> + Debug, G::ScalarField: Debug,

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de, G, OpeningProof, const FULL_ROUNDS: usize> Deserialize<'de> for ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: CommitmentCurve + CanonicalDeserialize + CanonicalSerialize, OpeningProof: OpenProof<G, FULL_ROUNDS> + Deserialize<'de>,

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<G, OpeningProof, const FULL_ROUNDS: usize> PartialEq for ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: CommitmentCurve + PartialEq, OpeningProof: OpenProof<G, FULL_ROUNDS> + PartialEq, G::ScalarField: PartialEq,

Source§

fn eq(&self, other: &ProverProof<G, OpeningProof, FULL_ROUNDS>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Serialize for ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: CommitmentCurve + CanonicalDeserialize + CanonicalSerialize, OpeningProof: OpenProof<G, FULL_ROUNDS> + Serialize,

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl<G, OpeningProof, const FULL_ROUNDS: usize> StructuralPartialEq for ProverProof<G, OpeningProof, FULL_ROUNDS>
where G: CommitmentCurve, OpeningProof: OpenProof<G, FULL_ROUNDS>,

Auto Trait Implementations§

§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Freeze for ProverProof<G, OpeningProof, FULL_ROUNDS>
where OpeningProof: Freeze, <G as AffineRepr>::ScalarField: Freeze,

§

impl<G, OpeningProof, const FULL_ROUNDS: usize> RefUnwindSafe for ProverProof<G, OpeningProof, FULL_ROUNDS>
where OpeningProof: RefUnwindSafe, <G as AffineRepr>::ScalarField: RefUnwindSafe, G: RefUnwindSafe,

§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Send for ProverProof<G, OpeningProof, FULL_ROUNDS>
where OpeningProof: Send,

§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Sync for ProverProof<G, OpeningProof, FULL_ROUNDS>
where OpeningProof: Sync,

§

impl<G, OpeningProof, const FULL_ROUNDS: usize> Unpin for ProverProof<G, OpeningProof, FULL_ROUNDS>
where OpeningProof: Unpin, <G as AffineRepr>::ScalarField: Unpin, G: Unpin,

§

impl<G, OpeningProof, const FULL_ROUNDS: usize> UnwindSafe for ProverProof<G, OpeningProof, FULL_ROUNDS>
where OpeningProof: UnwindSafe, <G as AffineRepr>::ScalarField: UnwindSafe, G: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,